I think adding the possibility to add a tag to the incident directly on each module might be helpful.
Let's say, in the Entra ID Risk module, we could have a module input property called AddTagForHishRiskUser, and if that is set to something other than null, it would add the value of the property as a tag to the original incident. In the TI module, there would be an input property called AddTagForIPMatch: if that is null, it does nothing; if it is set to, let's say, "IP TI Match", then it would add that tag to the incident.
And it would do nothing if that's called on an alert.
Or maybe a tag module that just does tagging. Right now, in order to tag based on the output of a module, we have to add a control condition and then an update incident action.
Thoughts?
What about tagging an incident if an Entity (Account) registered an MFA method recently (in the last 48 hours)? I was to make my own Logic app for doing so. Maybe you could also tag if a device was recently registered in Entra ID or if an OAuth app was consented to by a user?
This sounds like it would be easy to get into a lot of tags. @sylvainhamel1, and others, what kind of tagging do you use in your environment? Or what is your tagging philosophy?